Wednesday, May 19, 2010

Guidance on the Role of a Governing Body

Good governance of IT projects alone would increase GDP in Australia by 1.6% and excellent governance would increase GDP by 3.1%! – Dr Raymond Young, Assistant Professor at University of Canberra

Mark Toomey, who represented the Australian Institute of Company Directors (AICD) and worked with Dr Young on the Standards Australia committee that developed the world's first jargon-free standard for effective corporate governance of the use of IT (AS 8015), and co-authored and edited the largely unchanged successor to that standard, ISO/IEC 38500, observed:

"Organizations that consistently have trouble with IT also consistently behave poorly when evaluated through the lens of ISO/IEC 38500. Examination of many IT problems, with both projects and operations shows that in every case, at least one and often, several of the principles has been violated." - Mark Toomey, in Waltzing with the Elephant

Only 27% of boards have the necessary skills and knowledge to provide that oversight

Only in 38% of firms do executive management have the requisite skills and knowledge to keep control over the use of IT

Only in 25% of firms are executives seen as having a good understanding of the costs, risks, opportunities and value associated with its portfolio of IT assets

"The survey results point to considerable gaps in the ability of boards to provide appropriate oversight of IT, compounded by corresponding weakness in executive management’s capability to set appropriate direction, control and monitor the IT agenda."

Lest we think it is just IT that organizations have problems with, I’m reminded of John Kotter's research that revealed only 30% of organizational change programmes succeed. Despite the thousands of books and courses dedicated to managing change since Kotter’s work, a 2008 survey by McKinsey found that still only one transformation in three succeeds.

These are perennial governance and leadership issues and boards of directors have a responsibility to properly address them. Being only 15 pages of jargon-free guidance for boards and executives, putting the ISO/IEC 38500 standard for corporate governance of IT in the hands of every serious director is not a bad way to start.